- my $query = qq|SELECT password FROM auth."user" WHERE login = ?|;
- my ($stored_password) = $dbh->selectrow_array($query, undef, $login);
-
- $password = crypt $password, substr($login, 0, 2) if (!$password || !$is_crypted);
- $stored_password = crypt $stored_password, substr($login, 0, 2) if (!$stored_password);
+ # Empty password hashes in the database mean just that -- empty
+ # passwords. Hash it for easier comparison.
+ $stored_password = SL::Auth::Password->hash(password => $stored_password) unless $stored_password;
+ my ($algorithm) = SL::Auth::Password->parse($stored_password);
+ my $hashed_password = SL::Auth::Password->hash(password => $password, algorithm => $algorithm, login => $login, stored_password => $stored_password);